St. Clair Software
In this paper, the authors were instructed to devise passwords that they might use for an important purpose, and then asked how they had developed those passwords. The passwords developed were evaluated according to their complexity and adherence to strong password development standards, and then were subjected to attack from a standard hacker tool. Results indicated generally weak passwords were developed. In contrast to best practices, passwords developed were overwhelmingly related in some way to the developer of the password. Implications for the development of strong passwords, and for further research and practice are discussed.